Date: Thu, 14 Sep 2000 16:06:44 +0400 From: Igor Roboul <igor@raduga.sochi.net> To: freebsd-questions@FreeBSD.ORG Subject: Re: Root Shells Message-ID: <20000914160644.C31439@linux.rainbow> In-Reply-To: <Pine.GSO.4.10.10009141331040.6653-100000@vasarely>; from roth@iamexwi.unibe.ch on Thu, Sep 14, 2000 at 01:42:18PM %2B0200 References: <20000914090047.C22658@linux.rainbow> <Pine.GSO.4.10.10009141331040.6653-100000@vasarely>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 14, 2000 at 01:42:18PM +0200, Tobias Roth wrote: > > > Over the last few months I have become quite used to zsh, and have set the > > > root account on one of my boxes to use it. However when a friend of mine saw > > > this he seemed to think it a very bad thing, noting that zsh is not in the > > > root partition etc. My question is, is this really a problem? can't I just > > > run sh if the need arises? > > This is bad. This is bad just because you work as root always. If you don't do > > this, then why do you need zsh for root. Also, it is good idea to use static > > linked shell for root. Also, if some error will be found in sh/csh it will be > > fixed "automagically" after next cvsup (or next next cvsup). But for zsh you > > need reinstall it from ports. > > That's what the toor account is for. In normal operation, you use the toor > account with the shell of your choice when you need superuser privileges, When you do normal work, you DON'T need root/toor account. If you need root to start/stop for example Apache, use sudo|su1|... with some alias. YOU DON'T NEED type shell commands as root. This is my security policy, which protects ME from ME. There are really not so many things you need to be root. All these things you can add to sudoers|su1.priv|... files. And do somehing like this: su1 apachectl stop with /etc/su1.priv: [snip] # Web server control define WWWADMIN igor ask never alias apachectl /usr/local/apache/bin/apachectl allow WWWADMIN prefix apachectl [snip] -- Igor Roboul, Unix System Administrator & Programmer @ sanatorium "Raduga", Sochi, Russia http://www.brainbench.com/transcript.jsp?pid=304744 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000914160644.C31439>